Thesaurus : Doctrine
► Full Reference : E. Netter, "Les technologies de conformité pour satisfaire les exigences du droit de la compliance. Exemple du numérique" (Conformity technologies to meet the requirements of Compliance Caw. Digital example), in M.-A. Frison-Roche (dir.), L'obligation de Compliance, Journal of Regulation & Compliance (JoRC) and Dalloz, coll. "Régulations & Compliance", 2024, forthcoming.
____
📕read the general presentation of the book, L'obligation de Compliance, in which this contribution is published.
____
► English summary of this contribution (done by the Journal of Regulation & Compliance) :The author distinguishes between Compliance, which refers to Monumental Goals, and conformity, which are the concrete means that the company uses to tend towards them, through processes, check-lists in the monitoring of which the operator is accountable (art. 5.2. GRPD). Technology enables the operator to meet this requirement, as the changing nature of technology fits in well with the very general nature of the goals pursued, which leave plenty of room for businesses and public authorities to produce soft law.
The contribution focuses firstly on existing technologies. Through Compliance, Law can prohibit a technology or restrict its use because it runs counter to the goal pursued, for example the technology of fully automated decisions producing legal effects on individuals. Because it is a perilous exercise to dictate by law what is good and what is bad in this area, the method is rather one of explicability, i.e. control through knowledge by others.
Regulators are nevertheless developing numerous requirements stemming from the Monumental Goals of Compliance. Operators must update their technology or abandon obsolete technology in the light of new risks or to enable effective competition that does not lock users into a closed system. But technological power must not become too intrusive, as the privacy and freedom of the individuals concerned must be respected, which leads to the principles of necessity and proportionality.
The author stresses that operators must comply with the regulations by using certain technologies if these technologies are available, or even to counteract them if they are contrary to the goals of the regulations, but this obligation of conformity is applied only if these technologies are available. The notion of "available technology" therefore becomes the criterion of the obligation, which means that its content varies with circumstances and time, particularly in the area of cybersecurity.
In the second part of this contribution, the author examines technologies that are only potential, those that Law, and in particular the courts, might require companies to invent in order to fulfill their conformity obligation. This is quite understandable when we are talking about technologies that are in the making, but which will come to fruition, for example in the area of personal data transfer to satisfy the right to portability (GRPD), or where companies must be encouraged to develop technologies that are of less immediate benefit to them, or in the area of secure payment to ensure strong authentication (SPD 2).
This is more difficult for technologies whose feasibility is not even certain, such as online age verification or the interoperability of secure messaging systems, two requirements which appear to be technologically contradictory in their terms, and which therefore still come under the heading of "imaginary technology". But Compliance is putting so much pressure on companies, particularly digital technology companies, that considerable investment is required to achieve it.
The author concludes that this is the very ambition of Compliance and that the future will show how successful it will be.
____
🦉This article is available in full texte for persons following Professor Marie-Anne Frison-Roche teaching.
________
Sept. 7, 2019
Blog
Lisant sur mon écran d'ordinateur un article en accès libre dans une revue en partie librement accessible numériquement, une mention attire mon attention.
Elle a de quoi laisser perplexe toute personne qui écrit des articles et ouvrage qui requiert des lectures, lectures dont on indique au lecteur la trace pour l'inviter à son tour à y procéder dans ses propres recherches. Dans des travaux de recherche, de découverte et d'interrogation, donc.
Voilà le texte de la mention. :
Des DOI (Digital Object Identifier) sont automatiquement ajoutés aux références par Bilbo, l'outil d'annotation bibliographique d'OpenEdition.
Les utilisateurs des institutions abonnées à l'un des programmes freemium d'OpenEdition peuvent télécharger les références bibliographiques pour lesquelles Bilbo a trouvé un DOI.
"sont automatiquement ajoutés" ?
Il s'agit littéralement d'un "outil d'annotation bibliographique" ?
Si l'on s'abonne (le prix n'est pas indiqué, mais quand on écrit "-ium", c'est pour dire que l'on sort du gratuit...; comme le fait l'entreprise américaine Academia qui propose rapidement de "upgrapder" par un service payant pour accéder ), automatiquement les références seront téléchargées dès l'instant que l'algorithme, répondant au nom de "Bilbo" (n'est-ce pas le nom d'un personnage dans Le seigneur des anneaux ?), mais qui dans le civil a un nom qui reproduit sa fonction (Digital Object Identifier) fonction exprimée en langue anglaise va "automatiquement ajouter" une référence aux autres références qui auront été tacquées par l'algorithme.
Est-ce raisonnable ? Est-ce efficace ? Est-ce sans danger ?
C'est mécaniquement efficace, dès l'instant que l'on conçoit la référence bibliographique comme un "entassement mécanique" (I). Mais la référence bibliographique est et doit être tout autre chose, ce que les machines ne peuvent en rien restituer : être le reflet du parcours intellectuel que l'être humain qui écrivit l'article ou l'ouvrage fit pour écrit ce texte-là, une invitation à la lecture (et les machines ne lisent pas, on en arrive aujourd'hui à devoir le rappeler). Cette définition qui fut partagée de la bibliographie, qui ne mesure pas l'ampleur de l'empilement mais dessine ce vers quoi l'auteur s'est tourné pour chercher, pour trouver des réponses aux questions qu'il s'est posées, cela seul une personne peut le faire. En rien "Bilbo" (II). Or, si l'on se repose sur celui-ci, contre un abonnement, pour faire cette tâche-là, qui n'est reflet de rien, non seulement la bibliographie ne sera plus rien, mais des effets pervers, comme ceux observés comme celui des "citations", vont s'accroître (III).
Ensuite, si Bilbo écrit les bibliographie, tandis que Sophia fait les conférences, pourquoi un autre algorithme, que l'on pourrait appeler Thesarus ne pourrait pas écrire thèse, livre, essai, article, en ayant compilé toutes les règles formelles à respecter. Pourquoi non ? On se souviendra alors que les machines et les suites de chiffres ne lisent pas, n'écrivent pas, ne conçoivent pas, n'apprennent pas (l'expression Learning machine est un oximore), ne mémorisent pas (la "mémoire" d'un ordinaire n'est qu'une image), ne traduisent pas, n'ont pas d'émotion, n'aiment pas. Seuls les êtres humains le peuvent. Le sait-on encore ?
Lire ci-dessous une analyse plus détaillée.
Updated: Sept. 8, 2018 (Initial publication: April 30, 2018)
Publications
► This working document was intended to serve as a support for a conference pronounced in French in the conference Droit et Ethique ( Law & Ethics) of May 31, 2018 in a symposium organized by the Court of Cassation and the Association Française de Philosophie du Droit. French Association of Philosophy of Law on the general theme Law & Ethics.
See a general presentation of this conference.
Rather, it has served as a support for the article to be published in the Archives de Philosophie du Droit (APD). This article is written in French.
► Summary: It is through the Law that the human being has acquired a unity in the West (I). What religion could have done, the Law also did by posing on each human being the indetachable notion of him of "person" (I.A). But this is what is challenged today, not the personality and the power that the human being has to express his freedom but the unity that implies in the disposition that we have of ourselves in repelling the desire that others have always had to dispose of us. Current law tends to "pulverize" human beings into data and transform into neutral legal services what was considered before as the devouring of others. The legal concept of "consent", ceasing to be proof of a free will but becoming an autonomous concept, would suffice (I.B.).
To prevent the reigning of the "law of desires", which merely reflects the adjustment of forces, we must demand here and now the ethical sovereignty of Law, because Law can not be just just be just the interests adjustment (II). We can form this request if we do not want to live in an a-moral universe (II.A), if we see that the unity of the person is the legal invention that protects the weak human being (II.B.). If we admit this imperative, then we must finally ask who in the legal system will express and impose it, especially the legislator or the judge, because we seem to have lost the ability to recall this principle of the Person on which the West was so centered. But the principles that are no longer said disappear. There would then remain only the case-by-case adjustment of interests between human beings in the world field of particular forces. At this yardstick, Law would be more than a technique of securisation of particular adjustments. Law would be reduced at that and would have lost its link with Ethics. (II.C).